From Paul Czywczynski, CTO, TempWorks Software:
There has been a lot of news in the past 48Â hours about a security vulnerability in a version of OpenSSL, commonly known as the â€śHeartbleed Bugâ€ť. OpenSSL is a popular cryptographic software library used to help keep Internet communications private, so understandably you may have questions about how this might impact your secureÂ information.
We take the responsibility of keeping your dataÂ protected very seriously at TempWorks. It is our top concern.
We would like to assure you that with regards to the Heartbleed bug:
- â€‹At no time has TempWorks operated a vulnerable OpenSSL endpoint.
- â€‹Our customers hosted data is encrypted by dedicatedÂ hardware as it leaves our network, no client data goes through an OpenSSL encryption layer.
- â€‹TempWorks operates Intrusion ProtectionÂ Systems (IPS) that are capable of identifying a Heartbleed attack (and many other attacks) in progress and alerting us immediately.
Information for our Self-Hosted Customers:
- â€‹TempWorks Software technologyÂ is based on Microsoft Windows Server , SQL Server, and IIS Server. These systems use Microsoftâ€™s SSL ownÂ stack which is known to be not vulnerable to Heartbleed.
- â€‹However, other network systems and servers used by our Self-Hosted Customers could possibly be vulnerable.
- â€‹Vulnerable systems could have compromised TempWorks data flowing through them, or compromised encryption used by TempWorks products if certificates are shared between servers running TempWorks and vulnerable systems.
We highly recommend Â our Self-Hosted Customers take steps to investigate and audit their internal systems. The following link is a good starting place to learn about the bugÂ and includes resources to tell if your systems are vulnerable:Â http://krebsonsecurity.com/2014/04/heartbleed-bug-what-can-you-do/
Again, we would like to reassure all our consumers that your TempWorks data remainsÂ secure.
If you have any questions, please feel free to reach out to our customer support team.